Informatica: [] XSS on "isJTN"

ID H1:190020
Type hackerone
Reporter modam3rly
Modified 2017-04-07T16:29:46


hi , i found XSS bug on parameter "isJTN=" at give you ability to run java script code tested on firefox 50.0.2 also on old version of google chrome in the last version , but if try this bug in chrome last version you will got a source code displayed on page with out run cuz security protected stop XSS code

  • POC

used payload : </ScrIpt><SCRIPT>+alert("X");</SCRIPT></ScrIpt><SCRIPT>+alert("X");</SCRIPT>true&isQuickApply=false

are this eligible for swag !? cheer